• The Emotet botnet has returned with a vengeance

    From TechnologyDaily@1337:1/100 to All on Thu Nov 3 16:15:03 2022
    The Emotet botnet has returned with a vengeance

    Date:
    Thu, 03 Nov 2022 16:04:05 +0000

    Description:
    After a five-month break, Emotet is back to distributing malware via hijacked email chains.

    FULL STORY ======================================================================

    The dreaded Trojan Emotet is back after a five-month hiatus, kicking off a furious new malware distribution campaign, researchers are warning.

    Researchers from Cryptolaemus, a group that tracks Emotet, observed the threat actor suddenly come to life and spam email addresses worldwide with phishing emails in the early morning of November 2.

    "Looks like Ivan is in need of some cash again so he went back to work. Be on the lookout for direct attached XLS files and zipped and password protected XLS," the group warned in a Twitter thread.

    Weaponized Office files

    As usual, the campaign revolves around weaponized Office documents, in this case Excel files carrying malicious macros.

    The threat actor hijacks existing email chains, using the reply feature to distribute the document. There are a few notable changes to how the trick works, though, as Microsoft has recently disabled macros by default, and requires admins to specifically allow the feature to run.

    Furthermore, Windows now adds the Mark-of-the-Web (MoTW) flag to all files downloaded from the internet. When opened, MoTW flagged files will display a message saying they were downloaded from an insecure location and that they can only be opened in Protected View, to protect the users from accidentally running a malicious macro.

    That has prompted the criminals to add a specific message to the file, mimicking Excel's security warning (the yellow horizontal bar above the content) and saying that, in order to run the file, it needs to be placed in Office's Templates folder.

    Files opened from the Templates folder run their macros automatically. Granted, it's not that easy to add files to that specific folder, as Windows requests admin permission, but chances are many victims will ignore these obvious red flags.
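
    A defender-side check for the lure described above, as an added example that is not from the article: it lists Excel files sitting in Office template folders and reads each file's Mark-of-the-Web zone. The folder paths and the extension list are assumptions about a default Office install, and Get-ZoneId is a helper name chosen here.

```powershell
# Added hunting example, not from the article.
# Assumption: these are common default Office template/startup folders;
# adjust the list to match the Office build and trusted locations in use.
$TemplateDirs = @(
    "$env:APPDATA\Microsoft\Templates",
    "$env:APPDATA\Microsoft\Excel\XLSTART",
    "$env:ProgramFiles\Microsoft Office\root\Templates",
    "${env:ProgramFiles(x86)}\Microsoft Office\root\Templates"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumption: Excel formats of interest (legacy .xls plus macro-capable types).
$Extensions = '.xls', '.xlsm', '.xlsb', '.xlt', '.xltm', '.xlam'

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MoTW is stored in the NTFS alternate data stream "Zone.Identifier".
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }   # no stream: never marked, or the mark is gone
    $line = $ads | Where-Object { $_ -match '^ZoneId=\d+' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

$findings = foreach ($dir in $TemplateDirs) {
    Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $zone = Get-ZoneId -Path $_.FullName
            [pscustomobject]@{
                Path           = $_.FullName
                Created        = $_.CreationTime
                ZoneId         = $zone
                # ZoneId 3 = Internet, 4 = Restricted sites
                InternetOrigin = ($zone -ge 3)
                SHA256         = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Internet-origin files first, newest first; every row deserves a look,
# since a user-copied spreadsheet in these folders is unusual by itself.
$findings | Sort-Object InternetOrigin, Created -Descending | Format-Table -AutoSize -Wrap
```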

    So far, Emotet is sitting dormant on compromised endpoints, so the researchers can't determine what kind of campaign it's being used for. In the past, Emotet was used to drop Cobalt Strike beacons, TrickBot malware, and others.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/the-emotet-botnet-has-returned-with-a-venegeance/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)